Features Introduced in GlobalProtect App 5.0

Learn about the exciting new features introduced in the GlobalProtect™ App 5.0 release.
The following table describes the new features introduced in GlobalProtect app 5.0. For additional information on how to use the new features in this release, refer to the GlobalProtect App 5.0 New Features Guide.
New GlobalProtect Feature
Description
Support for iOS 12
GlobalProtect app 5.0 for iOS endpoints supports iOS 12.
GlobalProtect App for iOS User Experience Enhancements
GlobalProtect app 5.0 for iOS endpoints introduces an enhanced user experience through a more modern and intuitive app interface, a streamlined connection process, and simplified workflows. The new app also features a native iOS app experience that enables GlobalProtect to access the endpoint's built-in capabilities (such as system notifications) and run more seamlessly on the endpoint.
In addition, GlobalProtect app 5.0 introduces authentication changes, changes to the mobile device management (MDM) configuration, and the capability for remote users to change their RADIUS or Active Directory (AD) password through the app.
GlobalProtect App for Android User Experience Enhancements
GlobalProtect app 5.0 for Android endpoints introduces an enhanced user experience through a modern and intuitive app interface and streamlined connection process. The new app also features a native Android app experience that enables the app to access the endpoint's built-in capabilities (such as system notifications) and run more seamlessly on the endpoint.
Gateway Location Visibility for End Users
To aid end users with troubleshooting, the GlobalProtect app now displays the administrator-defined location of the connected GlobalProtect gateway. When end users experience unusual behavior, such as poor network performance, they can provide this location to their support or Help Desk professionals. By identifying the location, end users can determine their proximity to the gateway and evaluate whether to switch to a closer gateway.
To configure a location label for a gateway, refer to the PAN-OS 9.0 Release Notes.
Always On Security for Chromebooks
Chromebooks now support Always On VPN through extended support for the GlobalProtect app for Android. With Always On VPN, GlobalProtect initiates a connection each time users log in to their Chromebooks. This enables you to maintain full visibility into your Chromebook users’ traffic and provide consistent policy enforcement.
Refer to Chrome OS Systems Supporting Android Apps for the list of Chromebook models that support Android apps.
FIPS-CC Mode for GlobalProtect on Windows and macOS
(Certification is pending)
In preparation for submitting the GlobalProtect 5.0 app for FIPS-CC certification, the GlobalProtect app for Windows and Mac endpoints has been updated to meet FIPS-CC requirements. With this feature, you can deploy the GlobalProtect app in FIPS-CC mode to enforce stronger security checks for your users, including the following:
  • Enhanced certificate validity checks
  • Stricter x509v3 certificate checks, such as OCSP/CRL checks and extended key usage checks
  • Algorithm health checks (such as FIPS self-tests and integrity checks) to verify the system integrity and ensure that GlobalProtect uses the correct cryptography for secure communication
  • Use of FIPS and CC compliant algorithms for enhanced security (for example, to ensure that GlobalProtect does not use weak algorithms or key sizes)
  • Updated logging that provides the results of these security checks
Federal Information Processing Standard (FIPS 140-2) and Common Criteria (CC) are security certifications that ensure a standard set of security assurances and functionalities. These certifications are often required by U.S. government agencies and other domestic and international regulated industries.
GlobalProtect App for iOS and Android MDM Integration for HIP-based Policy Enforcement
The GlobalProtect app for iOS and Android endpoints can now obtain the endpoint ownership category, endpoint compliance status, and other attributes from mobile device management (MDM) systems for use in HIP-based policy enforcement. For iOS endpoints, MDM systems send these attributes to the GlobalProtect app as part of the VPN profile. For Android endpoints, MDM systems send these attributes as part of the App Restrictions. After the GlobalProtect app receives these attributes, it sends this data to the GlobalProtect gateway in the HIP report to enable HIP-based security policies.
Support for Landscape Mode on iPads
(GlobalProtect app 5.0.3 and later releases) GlobalProtect app 5.0 for iOS endpoints supports landscape mode on iPads.

Related Documentation